REST APIs to Get/Update/Delete SSO configuration on Jira Data Center

Platform Notice: Data Center Only - This article only applies to Atlassian apps on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

In this article, we will see how to get, update, or delete the SSO configuration on Jira Data Center using the private REST APIs.

Jira Data Center is bundled with the SSO for Atlassian Server and Data Center App (Atlassian SSO App), with which administrators can configure SSO authentication using SAML 2.0 or OIDC with the preferred Identity Provider (IdP) supporting these standards.

Check SAML single sign-on for Atlassian Data Center applications for further details about the Atlassian SSO App.

This App has some private REST APIs to allow checking and editing of its configuration. This document highlights these APIs and provides examples of usage.

Being private APIs means they may change without necessarily following the Atlassian REST API policy.

Environment

Jira Data Center 8.15 or later

  • Although this document references Jira, it may be used by administrators of Confluence and Bitbucket when configuring SSO.

SSO for Atlassian Data Center 4.2.5

  • These methods were made available since App version 4.2.0.

Solution

GET /rest/authconfig/1.0/login-options

Show all enabled authentication options.

JIRA_PAT='My+PAT' JIRA_BASE_URL=https://jira.test.com curl -s -X GET \ -H "Authorization: Bearer ${JIRA_PAT}" \ -H 'Accept: application/json' \ ${JIRA_BASE_URL}'/rest/authconfig/1.0/login-options'

Example response

{ "results": [ { "type": "LOGIN_FORM", "id": 0 }, { "type": "IDP", "id": 1, "button-text": "Log in with IdP 1", "login-link": "https://jira.test.com/plugins/servlet/external-login/1" }, { "type": "IDP", "id": 2, "button-text": "Log in with another IdP", "login-link": "https://jira.test.com/plugins/servlet/external-login/2" } ], "size": 3, "start": 0, "limit": -1, "isLastPage": true }

GET /rest/authconfig/1.0/idps

Get detailed configuration from all IdPs.

JIRA_PAT='My+PAT' JIRA_BASE_URL=https://jira.test.com curl -s -X GET \ -H "Authorization: Bearer ${JIRA_PAT}" \ -H 'Accept: application/json' \ ${JIRA_BASE_URL}'/rest/authconfig/1.0/idps'

Example response

{ "results": [ { "id": 1, "name": "SAML SSO", "enabled": true, "certificate": "MI(...)AHM", "sso-type": "SAML", "include-customer-logins": false, "enable-remember-me": true, "last-updated": "2021-09-20T13:12:05.075-03:00", "jit-configuration": { "user-provisioning-enabled": false, "mapping-display-name": "", "mapping-email": "", "mapping-groups": "", "additional-openid-scopes": [] }, "button-text": "Log in with IdP 1", "idp-type": "GENERIC", "sso-url": "https://my.idp.com/27011985/sso/saml", "sso-issuer": "https://my.idp.com/27011985", "username-attribute": "${NameID}" }, { "id": 2, "name": "Another SAML SSO", "enabled": true, "certificate": "MI(...)TM", "sso-type": "SAML", "include-customer-logins": false, "enable-remember-me": true, "last-updated": "2021-09-22T11:57:07.392-03:00", "jit-configuration": { "user-provisioning-enabled": false, "mapping-display-name": "", "mapping-email": "", "mapping-groups": "", "additional-openid-scopes": [] }, "button-text": "Log in with another IdP", "idp-type": "GENERIC", "sso-url": "https://another.idp.com/12062019/sso/saml", "sso-issuer": "https://another.idp.com/12062019", "username-attribute": "${NameID}" } ], "size": 2, "start": 0, "limit": 50, "isLastPage": true }

POST /rest/authconfig/1.0/idps

Create a new configuration for an IdP.

JIRA_PAT='My+PAT' JIRA_BASE_URL=https://jira.test.com curl -s -X POST \ -H "Authorization: Bearer ${JIRA_PAT}" \ -H 'content-type: application/json' \ -H 'Accept: application/json' \ ${JIRA_BASE_URL}'/rest/authconfig/1.0/idps' \ -d '{ "name": "New SAML SSO", "enabled": true, "certificate": "(...)", "sso-type": "SAML", "enable-remember-me": true, "button-text": "Log in with the new IdP", "idp-type": "GENERIC", "sso-url": "https://new.idp.com/12062019/sso/saml", "sso-issuer": "https://new.idp.com/12062019", "username-attribute": "${NameID}", "jit-configuration": { "user-provisioning-enabled": false }

Example response

{ "id": 3, "name": "New SAML SSO", "enabled": true, "certificate": "(...)", "sso-type": "SAML", "include-customer-logins": false, "enable-remember-me": true, "last-updated": "2021-09-22T20:33:07.55-03:00", "jit-configuration": { "user-provisioning-enabled": false, "mapping-display-name": "", "mapping-email": "", "mapping-groups": "", "additional-openid-scopes": [] }, "button-text": "Log in with the new IdP", "idp-type": "GENERIC", "sso-url": "https://new.idp.com/12062019/sso/saml", "sso-issuer": "https://new.idp.com/12062019", "username-attribute": "${NameID}" }

GET /rest/authconfig/1.0/idps/{id}

Get the configuration of an IdP.

JIRA_PAT='My+PAT' JIRA_BASE_URL=https://jira.test.com JIRA_SSO_IDP_ID=1 curl -s -X GET \ -H "Authorization: Bearer ${JIRA_PAT}" \ -H 'Accept: application/json' \ ${JIRA_BASE_URL}'/rest/authconfig/1.0/idps/'${JIRA_SSO_IDP_ID}

Example response

{ "id": 1, "name": "SAML SSO", "enabled": true, "certificate": "MI(...)eZ", "sso-type": "SAML", "include-customer-logins": false, "enable-remember-me": true, "last-updated": "2021-09-20T13:12:05.075-03:00", "jit-configuration": { "user-provisioning-enabled": false, "mapping-display-name": "", "mapping-email": "", "mapping-groups": "", "additional-openid-scopes": [] }, "button-text": "Log in with IdP 1", "idp-type": "GENERIC", "sso-url": "https://my.idp.com/27011985/sso/saml", "sso-issuer": "https://my.idp.com/27011985", "username-attribute": "${NameID}" }

PATCH /rest/authconfig/1.0/idps/{id}

Change one or more attributes in the configuration of an IdP.

JIRA_PAT='My+PAT' JIRA_BASE_URL=https://jira.test.com JIRA_SSO_IDP_ID=1 curl -s -X PATCH \ -H "Authorization: Bearer ${JIRA_PAT}" \ -H 'content-type: application/json' \ -H 'Accept: application/json' \ ${JIRA_BASE_URL}'/rest/authconfig/1.0/idps/'${JIRA_SSO_IDP_ID} \ -d '{ "enable-remember-me": false, "button-text": "Log in with patched IdP" }'

Example response

{ "id": 1, "name": "SAML SSO", "enabled": true, "certificate": "MI(...)eZ", "sso-type": "SAML", "include-customer-logins": false, "enable-remember-me": false, "last-updated": "2021-09-22T22:15:24.599-03:00", "jit-configuration": { "user-provisioning-enabled": false, "mapping-display-name": "", "mapping-email": "", "mapping-groups": "", "additional-openid-scopes": [] }, "button-text": "Log in with patched IdP", "idp-type": "GENERIC", "sso-url": "https://my.idp.com/27011985/sso/saml", "sso-issuer": "https://my.idp.com/27011985", "username-attribute": "${NameID}" }

DELETE /rest/authconfig/1.0/idps/{id}

Delete one or more attributes in the configuration of an IdP.

JIRA_PAT='My+PAT' JIRA_BASE_URL=https://jira.test.com JIRA_SSO_IDP_ID=1 curl -s -X DELETE \ -H "Authorization: Bearer ${JIRA_PAT}" \ ${JIRA_BASE_URL}'/rest/authconfig/1.0/idps/'${JIRA_SSO_IDP_ID}

Additional resources

Updated on August 29, 2025
Platform
Data Center only
App
Jira Software Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community